Monitor Windows Servers with WOCU

Monitoring the performance values of the Operating System of a physical or virtual server is as important as ever. With proper supervision, you can understand system resource usage and identify performance-related issues, such as utilization, downtime, and response time. In a previous blog post, we discussed the various ways to monitor Linux machines, covering the protocols you can enable on servers and the metrics you can obtain in each case. This time, let’s talk about how to monitor Windows servers with WOCU. Once again, we’ll refer to the WOCU user manual. Go to the MONITORING PACKS section. Under Pack Categories, you’ll find a list of packs grouped by families. To see the packs related to Windows, go to the Operating System category. Clicking on the [+] sign will expand the list of monitoring packs included in WOCU for monitoring Windows servers.

The following packs are useful for monitoring Windows servers:

• OS-RESOURCES
• Windows
• Windows-drive-size
• Windows-events
• Windows-process
• Windows-services

---

Now, let’s explore in detail what each of these packs offers.

OS-RESOURCES Pack

This pack is used to monitor Windows machines with SNMP enabled. Yes, SNMP on Windows? It’s not the most common setup, I know, but they do exist (like witches). In this Microsoft article, you can learn about SNMP and how to enable it on Windows machines. For our OS-RESOURCES pack, we use the HOST-RESOURCES-MIB and obtain the following metrics:

• Users – The number of user sessions for which this host stores state information.
• CPU usage 1m – Percentage of CPU usage in the last minute.
• Uptime – Time since the server was last started.
• Memory buffer usage – Amount (in bytes) of physical memory storage used for storing temporary data.
• Virtual memory usage – Amount (in bytes) assigned to virtual memory.
• RAM usage – Amount (in bytes) of RAM used.
• Partition X – Size of partition X used.
• Number of processes – Number of processes running on the Windows server.
• Processes P – Checks whether the process is active on Windows servers.

Additionally, this pack includes a very interesting “extra” feature, which is a discovery task for partitions and processes. This task serves as a foundation for selecting what you want to monitor from all the configured items on the machine.

Windows Pack

However, the default pack for monitoring Windows servers in WOCU is the pack called Windows 🙂 It works using the native Windows protocol, Windows Management Instrumentation (WMI). To use it, you’ll need to ask your Windows administrator to configure it for you and provide you with the following basic information:

• Domain – Domain of the Windows server.
• Domain User – Equivalent to the full User name (must have necessary permissions in the WMI tables for WOCU to query the tables and obtain the information monitored by the pack).
• Domain Password – The password of the WMI user.

With these 3 pieces of information, we can start receiving results about the services included in this monitoring pack. It includes the following services:

• EachCpu – % usage of each of the server’s CPUs in the last 5 minutes.
• EventLogApplication – Checks for Application logs labeled as Warning or Critical.
• Network Interface – Detects abnormal usage of the server’s network interfaces.
• Swap – Swap space usage (too much swap usage indicates memory shortage or memory loss).
• Big Processes – Checks CPU usage above a certain value.
• Physical memory usage – Amount (in bytes) assigned to physical memory.
• Services – Number of services set to AUTO (start) on the server.
• Load Average – System load average over the last 5 minutes.
• Inactive Sessions – Checks if the user is inactive.
• DisksIO – Speed at which data transfer between the hard drive and RAM occurs, or basically measures disk I/O time.
• Disks – Overall disk usage.
• EventLogSystem – Detects abnormal system events.
• Reboot – Displays the date of the last restart.
• ShareSpace – Checks available space on shared resources.

And that’s what we monitor when we assign the Windows pack to Windows servers. Not bad for getting a good idea of how our Windows machine is doing…

Other packs that enrich Windows server monitoring

Sometimes, however, we need a little more visibility on certain elements. This would be the case with disks since the previous pack only monitors the C:/ partition.

Windows Drive Size Pack

Then we can use the Windows-drive-size pack, which displays the size of any of the drives on a Windows server, also using the WMI protocol.

Windows Events Pack

Another case where our Windows pack might fall short is when monitoring System Events. In this case, we use the Windows-events pack. It’s very powerful because it allows you to perform very granular monitoring of the type of event you’re interested in. Below is a summary of the variables you can use to filter just the type of events you want to “hunt.”

---

List of variables to filter Windows system events

Windows Process Pack

If you want to closely monitor specific processes, you can use the Windows-process pack. This pack creates a service for each process you want to monitor, where you can check how much CPU and memory that process is consuming.

Windows Services Pack

Finally, if you only want to know whether a process is running or not, simply using the Windows-services pack will suffice 🙂 In this case, you just need to indicate the service name, and WOCU will check whether that service is stopped or running.

Conclusion

As you can see, there are two simple ways to monitor Windows servers in WOCU: using SNMP and using the classic Windows WMI. We hope it’s clearer now how to monitor Windows servers with WOCU. Which one will you use?

---